8.5 State Management

Flash Remoting provides support for ASP.NET state management by maintaining the session ID on all requests to the server. This allows ASP.NET to identify an existing session and application state.

In essence, a session is the server-side corollary of a client-side cookie. It is an object in the server's memory that retains key information on a user throughout his visit to a web site. An example of state management across multiple pages is a login and validation system. A web form can pass login criteria, such as username and password, to an application. If the username and password are acceptable, a session variable containing the username is created. All subsequent requests to ASP.NET pages within the application can check if the user is logged in and, if so, display the user's name.

ASP.NET also allows developers to customize their state management settings to loosen or tighten security. Typically, if a web user is inactive for 20 minutes, the session object for the user is destroyed. This time limit can be changed by tweaking the web.config file for your ASP.NET application.

Session and application state management is supported by ASP.NET pages and .NET XML web services, but not assemblies. Class libraries requiring state management must implement a custom solution or establish state through an ASP.NET page.

In addition to the benefits for ASP.NET applications, state management can be used by Flash Remoting. This can allow Flash applications to provide personalized data or allow multiple Flash applications using Remoting to share data specific to a user.

In our example of state management with Flash Remoting, we develop a web form (shown in Figure 8-1) that collects a user's name and age and stores it in the session. We then create a Flash application that uses this session information to display the user's name and age.

Figure 8-1. An ASP.NET web form used to collect session data

The web form uses two ASP.NET text objects and a Submit button to collect the age and name information:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/
<%@ Page Language="C#" ContentType="text/html" ResponseEncoding="iso-8859-1" %>
<script runat="server">
protected void submit_click (Object Src, EventArgs E) {
  Session["name"] = name.Text;
  Session["age"] = age.Text;
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<h1>Flash Remoting MX: The Definitive Guide </h1>
<p>Please supply your name and age</p>
<form runat="server">
Name: <asp:textbox id="name" runat="server" />
<br />
Age: <asp:textbox ID="age" runat="server" />
<br />
<asp:button ID="submit" Text="Submit" OnClick="submit_click" runat="server" />
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://
swflash.cab#version=6,0,29,0" width="300" height="150">
  <param name="movie" value="../../../../userInfo.swf" />
  <param name=quality value=high />
  <embed src="../../../../userInfo.swf" quality=high pluginspage="http://www.
index.cgi?P1_Prod_Version=ShockwaveFlash" type="application/
x-shockwave-flash" width="300" height="150"></embed>

As you see in the preceding code snippet, the name and age variables are stored in the Session object as Session["name"] and Session["age"]. This allows us to access the variables in our Flash file through Flash Remoting.

State management works only when viewing your Flash application through a browser. The Test Player in the Flash development environment does not work with cookies, thus handicapping ASP.NET's state management features. This is why the .swf file is tested from an .aspx page, rather than in the Flash Test Player.

The ASP.NET page that acts as our Flash Remoting service merely creates an ASObject with two properties for the name and age. If the Session variable is undefined, the page returns a null value to Flash:

<%@ Page Language="C#" ContentType="text/html" ResponseEncoding="iso-8859-1" %>
<%@ Import Namespace="FlashGateway.IO" %>
<%@ Register TagPrefix="MM" Namespace="FlashGateway" Assembly="flashgateway" %>
<script runat="server">
protected void Page_Load (Object Src, EventArgs E)
  ASObject userinfo = new ASObject( );
  userinfo.ASType = "UserInfo";

  userinfo.Add("name", Session["name"]);
  userinfo.Add("age", Session["age"]);

  flash.Result = userinfo;
<MM:Flash id="flash" runat="server" />

To set up our Flash application, define two dynamic text fields, lblName_txt and lblAge_txt, to display our two session properties, name and age. Remember that our remote service is returning an ActionScript object with two properties, so we must define and register the UserInfo class:

#include "NetServices.as"

var myURL = "http://localhost/frdg/flashservices/gateway.aspx";
var servicename = "frdg.com.oreilly.frdg.stateservice";

var connection = NetServices.createGatewayConnection( )
var stateservice = connection.getService(servicename, this);

function UserInfo ( ) {

Object.registerClass("UserInfoClass", UserInfo);
stateservice.getUserInfo( );

function getUserInfo_Result (result) {
  lblName.text =  result.name;
  lblAge.text = result.age;
function getUserInfo_Status(err) {
  trace("Error: " + err.description);

Using this approach, you can create a Flash application that checks for a session variable indicating whether the user is logged in, and display information accordingly.

    Part III: Advanced Flash Remoting